From 0fb121893d9960d282dfbe2cc89ef6a843c93455 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Wed, 28 May 2014 10:33:33 -0700 Subject: [PATCH] Remove salt We don't really use the salt infrastructure that we set up, which means it's cruft. Go ahead and admit that we don't use it and remove it from our systems. Change-Id: Ic43695719cbad30aded16ac480deb3dfd9b2a110 --- launch/README | 9 +--- launch/launch-node.py | 30 ++---------- launch/utils.py | 21 --------- manifests/site.pp | 9 ---- .../files/salt-trigger.sudoers | 2 - .../manifests/puppetmaster.pp | 15 +++--- .../manifests/salt_trigger_slave.pp | 22 --------- modules/openstack_project/manifests/slave.pp | 7 +-- modules/salt/manifests/init.pp | 28 +++++++---- modules/salt/manifests/master.pp | 46 +++++++++++-------- 10 files changed, 64 insertions(+), 125 deletions(-) delete mode 100644 modules/openstack_project/files/salt-trigger.sudoers delete mode 100644 modules/openstack_project/manifests/salt_trigger_slave.pp diff --git a/launch/README b/launch/README index deb7327837..7f1283cdba 100644 --- a/launch/README +++ b/launch/README @@ -3,12 +3,11 @@ Create Server Note that these instructions assume you're working from this directory on an updated local clone of the repository on the -puppetmaster, and that your account is a member of the admin, puppet -and salt groups for access to their respective keys:: +puppetmaster, and that your account is a member of the admin +and puppet groups for access to their respective keys:: sudo adduser $(whoami) admin sudo adduser $(whoami) puppet - sudo adduser $(whoami) salt (Remember to log out and back into your shell if you add yourself to a group.) 
@@ -32,10 +31,6 @@ To launch a node in the OpenStack Jenkins account (slave nodes):: sudo puppet cert generate $FQDN ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR" -There is also a --salt option which can be used to tell the script to -automatically configure and enroll the server as a minion on the salt -master. - If you are launching a replacement server, you may skip the generate step and specify the name of an existing puppet cert (as long as the private key is on this host). diff --git a/launch/launch-node.py b/launch/launch-node.py index 27351b626e..e38ac8c7f4 100755 --- a/launch/launch-node.py +++ b/launch/launch-node.py @@ -23,7 +23,6 @@ import os import time import traceback import argparse -import shutil import dns import utils @@ -38,9 +37,6 @@ IPV6 = os.environ.get('IPV6', '0') is 1 SCRIPT_DIR = os.path.dirname(sys.argv[0]) -SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master') -SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion') - def get_client(): args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL] @@ -56,8 +52,8 @@ def get_client(): return client -def bootstrap_server(server, admin_pass, key, cert, environment, name, - salt_priv, salt_pub, puppetmaster): +def bootstrap_server( + server, admin_pass, key, cert, environment, name, puppetmaster): ip = utils.get_public_ip(server) if not ip: raise Exception("Unable to find public ip of server") 
@@ -107,16 +103,6 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name, ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys") ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys") - if salt_pub and salt_priv: - # Assuming salt-master is running on the puppetmaster - shutil.copyfile(salt_pub, - os.path.join(SALT_MASTER_PKI, 'minions', name)) - ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI)) - ssh_client.scp(salt_pub, - os.path.join(SALT_MINION_PKI, 'minion.pub')) - ssh_client.scp(salt_priv, - os.path.join(SALT_MINION_PKI, 'minion.pem')) - for ssldir in ['/var/lib/puppet/ssl/certs/', '/var/lib/puppet/ssl/private_keys/', '/var/lib/puppet/ssl/public_keys/']: @@ -138,7 +124,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name, def build_server( - client, name, image, flavor, cert, environment, salt, puppetmaster): + client, name, image, flavor, cert, environment, puppetmaster): key = None server = None @@ -159,15 +145,11 @@ def build_server( traceback.print_exc() raise - salt_priv, salt_pub = (None, None) - if salt: - salt_priv, salt_pub = utils.add_salt_keypair( - SALT_MASTER_PKI, name, 2048) try: admin_pass = server.adminPass server = utils.wait_for_resource(server) bootstrap_server(server, admin_pass, key, cert, environment, name, - salt_priv, salt_pub, puppetmaster) + puppetmaster) print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id, server.accessIPv4, server.accessIPv6)) @@ -197,8 +179,6 @@ def main(): parser.add_argument("--cert", dest="cert", help="name of signed puppet certificate file (e.g., " "hostname.example.com.pem)") - parser.add_argument("--salt", dest="salt", action="store_true", - help="Manage salt keys for this host.") parser.add_argument("--server", dest="server", help="Puppetmaster to use.", default="ci-puppetmaster.openstack.org") options = parser.parse_args() 
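Review bot: The `bootstrap_server(...)` call in `build_server` (hunk `@@ -159,15 +145,11 @@`) still passes all seven arguments positionally, right after two parameters were removed from the middle of the signature. Several of these arguments are plain strings, so a later reordering would put `name` or `puppetmaster` in the wrong slot without raising anything. Passing the trailing ones by keyword makes such a mistake fail loudly: `bootstrap_server(server, admin_pass, key, cert, environment=environment, name=name, puppetmaster=puppetmaster)`. The `build_server(...)` call in `main()` (hunk `@@ -239,7 +219,7 @@`) has the same shape. `build_server`'s body starts and ends outside this hunk.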
@@ -239,7 +219,7 @@ def main(): print "Found image", image build_server(client, options.name, image, flavor, cert, - options.environment, options.salt, options.server) + options.environment, options.server) dns.print_dns(client, options.name) if __name__ == '__main__': diff --git a/launch/utils.py b/launch/utils.py index 2811a17ebc..0ed05c3319 100644 --- a/launch/utils.py +++ b/launch/utils.py @@ -30,7 +30,6 @@ try: except: pass import paramiko -import salt.crypt from sshclient import SSHClient @@ -136,26 +135,6 @@ def add_keypair(client, name): return key, kp -def add_salt_keypair(keydir, keyname, keysize=2048): - ''' - Generate a key pair for use with Salt - ''' - salt_priv = '{0}.pem'.format(keyname) - salt_pub = '{0}.pub'.format(keyname) - priv_key = os.path.join(keydir, salt_priv) - pub_key = os.path.join(keydir, salt_pub) - if not os.path.exists(priv_key) or \ - not os.path.exists(pub_key): - try: - os.makedirs(keydir) - except OSError: - pass - priv_key = salt.crypt.gen_keys(keydir, keyname, keysize) - path, ext = os.path.splitext(priv_key) - pub_key = '{0}.pub'.format(path) - return priv_key, pub_key - - def wait_for_resource(wait_resource): last_progress = None last_status = None diff --git a/manifests/site.pp b/manifests/site.pp index 6a77340661..1f86a874c8 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -162,7 +162,6 @@ node 'ci-puppetmaster.openstack.org' { node 'puppetmaster.openstack.org' { class { 'openstack_project::puppetmaster': root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'), - salt => false, update_slave => false, sysadmins => hiera('sysadmins', ['admin']), version => '3.4.', 
@@ -641,14 +640,6 @@ node 'pypi.slave.openstack.org' { } } -# Node-OS: precise -node 'salt-trigger.slave.openstack.org' { - include openstack_project - class { 'openstack_project::salt_trigger_slave': - jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, - } -} - # Node-OS: precise node /^precise-dev\d+.*\.slave\.openstack\.org$/ { include openstack_project diff --git a/modules/openstack_project/files/salt-trigger.sudoers b/modules/openstack_project/files/salt-trigger.sudoers deleted file mode 100644 index 4fc848aaba..0000000000 --- a/modules/openstack_project/files/salt-trigger.sudoers +++ /dev/null @@ -1,2 +0,0 @@ -# Allow jenkins user to send Salt messages to the Salt Master -jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master* diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp index 8459fd585d..3d13d305f7 100644 --- a/modules/openstack_project/manifests/puppetmaster.pp +++ b/modules/openstack_project/manifests/puppetmaster.pp @@ -2,7 +2,6 @@ # class openstack_project::puppetmaster ( $root_rsa_key, - $salt = true, $update_slave = true, $sysadmins = [], $version = '2.7.', @@ -19,13 +18,6 @@ class openstack_project::puppetmaster ( ca_server => $ca_server, } - if ($salt) { - class { 'salt': - salt_master => 'ci-puppetmaster.openstack.org', - } - class { 'salt::master': } - } - if ($update_slave) { $cron_command = 'bash /opt/config/production/run_all.sh' logrotate::file { 'updatepuppetmaster': @@ -45,6 +37,13 @@ class openstack_project::puppetmaster ( $cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp' } + class { 'salt': + ensure => absent, + } + class { 'salt::master': + ensure => absent, + } + cron { 'updatepuppetmaster': user => 'root', minute => '*/15', 
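Review bot: The `ensure => absent` declarations added to `openstack_project::puppetmaster` remove the salt classes' resources, but nothing in this commit removes `/etc/sudoers.d/salt-trigger` from a host that already has it. The commit deletes `salt_trigger_slave.pp`, its sudoers source file and the `salt-trigger.slave.openstack.org` node definition together, so the file becomes unmanaged rather than absent. The `jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master*` rule would then stay in force on that host until it is rebuilt. If the host is kept, a transitional `file { '/etc/sudoers.d/salt-trigger': ensure => absent }` in a class it still receives would close this.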
diff --git a/modules/openstack_project/manifests/salt_trigger_slave.pp b/modules/openstack_project/manifests/salt_trigger_slave.pp deleted file mode 100644 index 126dac48a5..0000000000 --- a/modules/openstack_project/manifests/salt_trigger_slave.pp +++ /dev/null @@ -1,22 +0,0 @@ -# Slave used for automatically triggering commands on the salt master. -# -# == Class: openstack_project::salt_trigger_slave -# -class openstack_project::salt_trigger_slave ( - $jenkins_ssh_public_key = '' -) { - - class { 'openstack_project::slave': - ssh_key => $jenkins_ssh_public_key, - } - - file { '/etc/sudoers.d/salt-trigger': - ensure => present, - owner => 'root', - group => 'root', - mode => '0440', - source => 'puppet:///modules/openstack_project/salt-trigger.sudoers', - replace => true, - } - -} diff --git a/modules/openstack_project/manifests/slave.pp b/modules/openstack_project/manifests/slave.pp index 6365f9b6d8..be992241cc 100644 --- a/modules/openstack_project/manifests/slave.pp +++ b/modules/openstack_project/manifests/slave.pp @@ -10,12 +10,9 @@ class openstack_project::slave ( ) { include openstack_project + include openstack_project::automatic_upgrades include openstack_project::tmpcleanup - class { 'openstack_project::automatic_upgrades': - origins => ['LP-PPA-saltstack-salt precise'], - } - class { 'openstack_project::server': iptables_public_tcp_ports => [], certname => $certname, @@ -28,7 +25,7 @@ class openstack_project::slave ( } class { 'salt': - salt_master => 'ci-puppetmaster.openstack.org', + ensure => absent, } include jenkins::cgroups diff --git a/modules/salt/manifests/init.pp b/modules/salt/manifests/init.pp index 8bd180e313..2506048d02 100644 --- a/modules/salt/manifests/init.pp +++ b/modules/salt/manifests/init.pp 
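Review bot: Declaring `class { 'salt': ensure => absent }` in `openstack_project::slave` does not remove the minion key pair that was provisioned onto slaves. The `launch-node.py` code removed by this commit copied `minion.pem` and `minion.pub` into `SALT_MINION_PKI` (default `/etc/salt/pki/minion`). The visible hunks of `modules/salt/manifests/init.pp` declare no resource for that path, so the private key presumably stays on every slave that was launched with `--salt`. Adding `file { '/etc/salt/pki/minion': ensure => absent, force => true }` to the absent branch of `class salt` would remove it.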
@@ -1,34 +1,46 @@ # Class salt # class salt ( + $ensure = present, $salt_master = $::fqdn ) { + if ($ensure == present) { + $running_ensure = running + } else { + $running_ensure = stopped + } + if ($::osfamily == 'Debian') { include apt # Wrap in ! defined checks to allow minion and master installs on the # same host. - if ! defined(Apt::Ppa['ppa:saltstack/salt']) { - apt::ppa { 'ppa:saltstack/salt': } + if ($ensure == present) { + if ! defined(Apt::Ppa['ppa:saltstack/salt']) { + apt::ppa { 'ppa:saltstack/salt': } + } + Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion'] + } else { + file { '/etc/apt/sources.list.d/saltstack-salt-precise.list': + ensure => absent + } } if ! defined(Package['python-software-properties']) { package { 'python-software-properties': - ensure => present, + ensure => $ensure, } } - Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion'] - } package { 'salt-minion': - ensure => present + ensure => $ensure } file { '/etc/salt/minion': - ensure => present, + ensure => $ensure, owner => 'root', group => 'root', mode => '0644', @@ -38,7 +50,7 @@ class salt ( } service { 'salt-minion': - ensure => running, + ensure => $running_ensure, enable => true, require => File['/etc/salt/minion'], subscribe => [ diff --git a/modules/salt/manifests/master.pp b/modules/salt/manifests/master.pp index c6c55bd1be..a59d1a829f 100644 --- a/modules/salt/manifests/master.pp +++ b/modules/salt/manifests/master.pp 
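Review bot: `package { 'python-software-properties': ensure => $ensure }` uninstalls that package when the class is declared with `ensure => absent`, although it is a shared prerequisite rather than part of salt. The `! defined` guard suggests other classes may declare it as well, so whether it is removed depends on evaluation order, and any other `apt::ppa` on the host would presumably lose the tooling it needs. I would leave this resource at `ensure => present`, or move it inside the `if ($ensure == present)` branch next to the `apt::ppa` declaration. The same line is in the first hunk of `modules/salt/manifests/master.pp`.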
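Review bot: `Service['salt-minion']` keeps `enable => true` while its `ensure` now resolves to `stopped` in the absent case, so Puppet is asked to keep the service enabled at boot in the same run that removes its package. Setting a second variable next to `$running_ensure` in the first hunk (`$service_enable = true` in the present branch, `false` otherwise) and using `enable => $service_enable` keeps the two attributes consistent. `Service['salt-master']` in the last hunk of `modules/salt/manifests/master.pp` has the same combination. The resource body continues past the end of this hunk.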
@@ -1,37 +1,47 @@ # Class salt::master # -class salt::master { +class salt::master ( + $ensure = present, +) { + + if ($ensure == present) { + $directory_ensure = directory + $running_ensure = running + } else { + $directory_ensure = absent + $running_ensure = stopped + } if ($::osfamily == 'Debian') { include apt # Wrap in ! defined checks to allow minion and master installs on the # same host. - if ! defined(Apt::Ppa['ppa:saltstack/salt']) { - apt::ppa { 'ppa:saltstack/salt': } + if ($ensure == present) { + if ! defined(Apt::Ppa['ppa:saltstack/salt']) { + apt::ppa { 'ppa:saltstack/salt': } + } + Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master'] } if ! defined(Package['python-software-properties']) { package { 'python-software-properties': - ensure => present, + ensure => $ensure, } } - - Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master'] - } package { 'salt-master': - ensure => present + ensure => $ensure } group { 'salt': - ensure => present, + ensure => $ensure, system => true, } user { 'salt': - ensure => present, + ensure => $ensure, gid => 'salt', home => '/home/salt', shell => '/bin/bash', @@ -40,7 +50,7 @@ class salt::master { } file { '/home/salt': - ensure => directory, + ensure => $directory_ensure, owner => 'salt', group => 'salt', mode => '0755', @@ -48,7 +58,7 @@ class salt::master { } file { '/etc/salt/master': - ensure => present, + ensure => $ensure, owner => 'salt', group => 'salt', mode => '0644', @@ -58,7 +68,7 @@ class salt::master { } file { '/srv/reactor': - ensure => directory, + ensure => $directory_ensure, owner => 'salt', group => 'salt', mode => '0755', @@ -69,7 +79,7 @@ class salt::master { } file { '/srv/reactor/tests.sls': - ensure => present, + ensure => $ensure, owner => 'salt', group => 'salt', mode => '0644', @@ -82,7 +92,7 @@ class salt::master { } file { '/etc/salt/pki': - ensure => directory, + ensure => $directory_ensure, owner => 'salt', group => 'salt', mode => '0710', 
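Review bot: The `file` resources that now take `ensure => $directory_ensure` will not delete an existing directory when that resolves to `absent` unless `force => true` is also set. This affects `/home/salt`, `/srv/reactor` and `/etc/salt/pki` in these hunks, and `/etc/salt/pki/master` and `/etc/salt/pki/master/minions` in the next two. No `force` attribute is visible here, but the resource bodies continue outside the hunks, so this needs checking. Without it Puppet skips the removal, and the per-host private keys that the removed `add_salt_keypair` wrote under `/etc/salt/pki/master` stay on the puppetmaster. Adding `force => true` to these five resources would make the cleanup effective.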
@@ -93,7 +103,7 @@ class salt::master { } file { '/etc/salt/pki/master': - ensure => directory, + ensure => $directory_ensure, owner => 'salt', group => 'salt', mode => '0770', @@ -101,7 +111,7 @@ class salt::master { } file { '/etc/salt/pki/master/minions': - ensure => directory, + ensure => $directory_ensure, owner => 'salt', group => 'salt', mode => '0775', @@ -109,7 +119,7 @@ class salt::master { } service { 'salt-master': - ensure => running, + ensure => $running_ensure, enable => true, require => [ User['salt'],
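Review bot: `Service['salt-master']` still lists `User['salt']` in its `require`, which in the absent case orders the removal of the `salt` account before the service is stopped. If the master runs as that user (not visible here), deleting the account while its process is still alive is likely to fail on the first run. The install-time ordering is the wrong way round for removal. For the absent case I would drop `User['salt']` from the service's `require` and declare `Service['salt-master'] -> User['salt']` instead. The `require` list continues past the end of this hunk.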